diff --git a/2017/15xxx/CVE-2017-15098.json b/2017/15xxx/CVE-2017-15098.json
index 2f4b62725b4..7c2a9449a2b 100644
--- a/2017/15xxx/CVE-2017-15098.json
+++ b/2017/15xxx/CVE-2017-15098.json
@@ -1,8 +1,32 @@
 {
    "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
+      "ASSIGNER" : "secalert@redhat.com",
+      "DATE_PUBLIC" : "2017-11-09T00:00:00",
       "ID" : "CVE-2017-15098",
-      "STATE" : "RESERVED"
+      "STATE" : "PUBLIC"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "postgresql",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "Red Hat, Inc."
+            }
+         ]
+      }
    },
    "data_format" : "MITRE",
    "data_type" : "CVE",
@@ -11,7 +35,29 @@
       "description_data" : [
          {
             "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            "value" : "Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory."
+         }
+      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "CWE-200"
+               }
+            ]
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "url" : "https://www.postgresql.org/support/security/"
+         },
+         {
+            "url" : "https://www.postgresql.org/about/news/1801/"
          }
       ]
    }
diff --git a/2017/15xxx/CVE-2017-15099.json b/2017/15xxx/CVE-2017-15099.json
index 46d89b805ce..7128528a35b 100644
--- a/2017/15xxx/CVE-2017-15099.json
+++ b/2017/15xxx/CVE-2017-15099.json
@@ -1,8 +1,32 @@
 {
    "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
+      "ASSIGNER" : "secalert@redhat.com",
+      "DATE_PUBLIC" : "2017-11-09T00:00:00",
       "ID" : "CVE-2017-15099",
-      "STATE" : "RESERVED"
+      "STATE" : "PUBLIC"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "postgresql",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "Red Hat, Inc."
+            }
+         ]
+      }
    },
    "data_format" : "MITRE",
    "data_type" : "CVE",
@@ -11,7 +35,26 @@
       "description_data" : [
          {
             "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            "value" : "INSERT ... ON CONFLICT DO UPDATE commands disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege."
+         }
+      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "CWE-200"
+               }
+            ]
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "url" : "https://www.postgresql.org/support/security/"
          }
       ]
    }
diff --git a/2017/16xxx/CVE-2017-16894.json b/2017/16xxx/CVE-2017-16894.json
index f00bd14a5a4..ea629029475 100644
--- a/2017/16xxx/CVE-2017-16894.json
+++ b/2017/16xxx/CVE-2017-16894.json
@@ -34,7 +34,7 @@
       "description_data" : [
          {
             "lang" : "eng",
-            "value" : "In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. The writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php does not restrict the .env permissions."
+            "value" : "In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php, which uses file_put_contents without restricting the .env permissions. The .env filename is not used exclusively by Laravel framework."
          }
       ]
    },